Are you an ostrich?

Print This Post

27 August 2014


Does everyone in your firm know who the COLP/COFA is?

Burying its head in the sand may work for an ostrich but it most definitely won’t work for those employed within law firms, especially if they are responsible for compliance.

COLP/COFAs have many obligations under the SRA authorisation rules, including making sure their firms have systems and procedures in place to mitigate any risks they identify, but they also have to ensure that such systems and procedures are policed and where appropriate, enforced.

But how can firms do this effectively?

Many firms use file reviews and regular supervision meetings to monitor compliance, but these are unlikely to find compliance gaps involving support staff, and depending on what is covered in these areas even compliance gaps involving fee earners may be missed.

One way of checking for compliance gaps is to survey your staff on key compliance issues, for example, an easy question should be “who is your COLP/COFA?”

Many firms are likely to be saying at this point, “everyone knows who the COLP/COFA is within our firm!”, but do they? We recently surveyed a firm that thought its staff knew the right answers but only 3% knew who the COFA was and only 48% knew who the COLP was; this was a real eye-opener for the firm and showed the level of work that needed to be done to ensure all staff were aware of the true position.

But knowing who the COLP/COFA is forms only one part of the survey, we also cover issues relating to complaints, money laundering, data protection, accounts, ethics, etc. Would you as the COLP be happy that only 12% of your staff knew who to report an act or omission that could lead to a claim to, or that 30% of your staff did not know that you had a policy of not accepting cash from clients, or that 20% of your staff would accept a utility bill that was over 6 months old in relation to client due diligence?

You can clearly see from the above examples that many compliance officers have quite a lot of work to do in terms of ensuring their staff ‘walk and talk compliance.’

The SRA, insurers, banks, Lexcel, CQS, ISO, clients, etc., want to see that a firm’s compliance culture runs from top to bottom, and are now looking for more than just a tick box that says the firm has a policy, they want to test what is said and will therefore want to talk to staff as well as managers to see what their understanding of the firm’s compliance systems and processes is.

No firm is going to get it 100% right, and the SRA accepts this, but I would suggest that any firm with a significant number of staff saying they don’t who their COLP/COFA is, would be very much starting off on the wrong foot.

Many firms may be tempted to take the ‘ostrich’ approach and not survey their staff for fear of what they may find, but it is better to find gaps now and address them than leave it for regulators and others to find.

Riliance offers a free anonymous staff compliance survey so if you want to test what your staff know, or don’t know, please contact us for further details.

Telephone: 01829 731200

Email: clientservices@riliance.co.uk

Brian Rogers, Director of Regulation & Compliance Services



Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate



Legal Futures Blog

Are you ready to defend your firm’s reputation in the event of a cyber-attack?

Jonathan Hemus

With cyber-crime making the headlines more and more frequently, it is becoming increasingly important that law firms of all sizes understand how to handle such a situation professionally and keep their reputation intact. Here are some steps any law firm can take to help ensure that a cyber-attack or data breach doesn’t cost them their client base.

December 9th, 2016